Security Mentor has conducted a study on security and policy awareness training

Apr 9, 2014 18:26 GMT

Enterprise Management Associates (EMA) has conducted a survey on behalf of Security Mentor. The report focuses on security awareness training and it’s entitled “Security Awareness Training: It's Not Just for Compliance.”

The study, which surveyed over 600 people, has shown that 56 percent of corporate employees haven’t received security or policy awareness training from their organizations. This figure doesn’t include security and IT staff.

45% of respondents said that they received training in one annual session. Experts warn that without security training, many employees remain unaware of the risks and they’re more likely to make bad decisions.

“People repeatedly have been shown as the weak link in the security program. Without training, people will click on links in email and release sensitive information in any number of ways. In most cases they don't realize what they are doing is wrong until a third-party makes them aware of it,” explained EMA Research Director David Monahan.

“In reality, organizations that fail to train their people are doing their business, their personnel and, quite frankly, the Internet as a whole a disservice because their employees not only make poor security decisions at work but also at home on their personal computing devices as well.”

The figures also show that 66% of employees believe that the training material should be easy to understand. 59% highlighted the importance of interactive activities.

The study shows that many employees have some bad habits that could put corporate information at risk. For instance, 30% leave mobile devices unattended in their vehicles and 33% use the same password for both work and personal devices.

Furthermore, 35% have clicked on a link contained in an unsolicited email, 58% store sensitive information on their mobile devices, and 59% have admitted to storing work information in the cloud.

“While today’s organizations continue to harden their infrastructure to protect against the latest cyber threats, this report reveals that they too often fail to arm their employees with the critical information needed to avoid a data breach, prevent phishing, or report a possible security incident,” said Craig Kunitani, COO with Security Mentor.

“Every organization should make security awareness training part of its defense in depth strategy. Many of our customers report they’ve had great success in educating their staff using our security awareness training program because of our brief, interactive, and informative lessons.”

The executive summary of the “Security Awareness Training: It's Not Just for Compliance” report is available on EMA’s website.